PingFederate:

  • PingFederate 10.1.1
  • PingFederate 10.1
  • PingFederate 10.0
  • PingFederate 9.3
  • PingFederate 9.2

PingAccess:

  • PingAccess 6.1.1
  • PingAccess 6.1
  • PingAccess 5.3.2

Platforms:

  • Microsoft Windows Server 2016
  • Microsoft Windows Server 2019
  • Red Hat Enterprise Linux ES 7.6
  • Red Hat Enterprise Linux ES 8.0

Browsers:

  • Chrome
  • Firefox

Java runtime environments:

  • Oracle Java 11 LTS
  • OpenJDK 11

Docker:

  • Version: Docker 18.09.0
  • Host operating system: Ubuntu 18.04 LTS
  • Kernel: 4.4.0-1052-aws 7.3
Note:

Ping Identity accepts no responsibility for the performance of any specific virtualization software and in no way guarantees the performance or interoperability of any virtualization software with its products.

Supported configurations

PingCentral is an orchestrator for PingFederate. Configurations are sourced from PingFederate to define PingCentral applications and templates. Configure each environment in advance and ensure you have working authentication policies with persistent grants, access token mappings, and access token managers (ATMs) in place before using PingCentral to promote new applications.

Review additional information regarding supported features, protocols, and frameworks before you get started:

General configurations

Configuration Supported Unsupported
Single sign-on and user management
  • Directly managing users, which are stored in the PingCentral embedded database.
  • Signing on with SSO using an OIDC token.
  • Beta feature: Provisioning users from an external store using API calls.
Entitlements
  Supported:
  • Assigning one or more application owners that have already been provisioned.
  • Editing and promoting entitlements for an application.
  Unsupported:
  • Assigning groups of users entitlements based on an external attribute, such as LDAP group membership.

Backup and restoration
  Supported:
  • Saving the database and configuration files by copying the directories h2-data/ and config/ to a new instance.
  Note:

  To ensure these files contain the most up-to-date information, do not copy them while PingCentral is running.

  Unsupported:
  • Using an API to export PingCentral configuration information.

Configuration Supported Unsupported
Client authentication
  Supported:
  • Using the client secret method or nothing at all. Client secrets can be provided by the user or generated.
  Unsupported:
  • Using a client TLS certificate, private key JWT, or symmetric keys.

Grant types
  Supported:
  • Using all OAuth and OIDC grant types.

Scopes
  Supported:
  • All scopes and exclusive scopes referenced in the PingFederate client JSON file, which is obtained during the template creation process.

ATMs and OIDC policies
  Supported:
  • Saving ATMs or OIDC policies into templates created from client applications that have them.
  Note:

  If ATMs or OIDC policies do not exist in an environment, PingCentral will create them during the promotion process. If an ATM or OIDC policy of the same name already exists in a target environment, it will not be modified.

  Unsupported:
  • Saving or promoting access token mapping, persistent grants, policy contracts, or authentication policies.

Selectors
  Unsupported:
  • Connection set selectors. Clients can only be automatically connected to authentication policies via policy contracts. If your authentication logic requires use of a selector, add it in PingFederate.

Configuration Supported Unsupported
Bindings
  Supported:
  • Using POST bindings.
  Unsupported:
  • Using artifact, redirect, or SOAP bindings.

Profiles
  • IdP-initiated SSO
  • SP-initiated SSO
  • IdP-initiated SLO
  • SP-initiated SLO

Attribute mapping
  Supported:
  • Mapping attributes, provided by a single authentication policy contract, in an unspecified format. You can also map attributes to static text.
  Unsupported:
  • Mapping attributes from data sources, such as basic or URI.
  • Using OGNL expressions as part of attribute mapping.

Policy contracts
  Supported:
  • Referencing one policy contract per template.
  Unsupported:
  • Referencing more than one policy per template.
  Note:

  If multiple policy contracts are referenced in a template when it is promoted, newly-created applications will only map attributes from the first policy contract referenced. If PingFederate applications are directly added to PingCentral, the mappings from each policy contract are preserved.

Adapter mappings
  Unsupported:
  • Use authentication policy contract mappings instead of adapter mappings.

Certificate management
  • Providing a public certificate for an SP connection. PingCentral creates a self-signed certificate with an expiration date of one year from today and configures it as the PingFederate IdP certificate.
  • Uploading a key pair to use as the IdP certificate for all SAML connections promoted to an environment.
An SP certificate is required to promote a SAML connection, but might be optional in future releases.
Configuration Supported Unsupported
Destination
  Supported:
  • Both Agent and Site are supported.
  Unsupported:
  • The destination is not promoted with the application but selected per environment.

PingAccess application types
  Supported:
  • All application types (Web, API and Web+API) are supported.
  Unsupported:
  • The application type cannot be changed in PingCentral.

Token provider
  Supported:
  • PingFederate must be the token provider.
  Unsupported:
  • Third-party token providers for PingAccess are not supported.

Application resources
  Supported:
  • Resources can be added and updated for each application.

Resource ordering
  Supported:
  • Automated and manual resource ordering are both supported.

Identity mappings
  Supported:
  • Identity mappings for all application types (Web, API and Web+API) are supported.
  Unsupported:
  • Identity mappings are not promoted with the application but selected per environment.

Virtual hosts
  Supported:
  • Virtual hosts are supported.
  Unsupported:
  • Virtual hosts are not promoted with the application but selected per environment.

Policy
  Supported:
  • Application and resource policies can be updated per application.
  Unsupported:
  • New rules and rule sets cannot be created in PingCentral.